1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Using CIFS location for OpenVPN keys

Discussion in 'Tomato Firmware' started by schnappi, Jul 29, 2014.

  1. schnappi

    schnappi Serious Server Member

    RT-N66U can't fit OpenVPN keys in NVRAM.

    Is it possible to use a network drive (CIFS location) for OpenVPN keys similar to the below instead of entering the keys directly into Tomato?


    Tried to login to the router via a SFTP client to figure out the CIFS path. Toastman builds don't seem to allow SFTP access so didn't get anywhere here.
  2. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Store it in JFFS?
  3. gfunkdave

    gfunkdave LI Guru Member

    You can store the keys in JFFS or CIFS. First, map the CIFS location in Administration -> CIFS Client. Then, go to your relevant OpenVPN client/server settings on the router and enter the following in the Advanced tab (assuming you put the keys in the root of the CIFS1 share):

    ca /cifs1/ca.crt
    cert /cifs1/server.crt
    key /cifs1/server.key
    dh /cifs1/dh2048.pem
    Probably a good idea to delete the keys from the Keys page first, just to make sure you don't run out of NVRAM.

    If you want to use JFFS, of course replace the cifs1 with jffs.
  4. schnappi

    schnappi Serious Server Member

    If one wanted to use CIFS for a static key is the following correct?

    secret /cifs1/key.txt
  5. gfunkdave

    gfunkdave LI Guru Member

    Yep, if the key.txt file is in the directory mapped to /cifs1.
  6. schnappi

    schnappi Serious Server Member

    All works great. Thanks!

    *Would constantly reading data from JFFS wear down the flash memory? Or is it only writing data to JFFS that wears down the flash memory? Basically thinking about the implications of using JFFS to store OpenVPN keys.
    Last edited: Aug 14, 2014
  7. koitsu

    koitsu Network Guru Member

    The majority of the wear-and-tear on flash (including NAND) is writes. Do not worry about reads. JFFS2 also implements its own methodologies to assist in intelligent wear-levelling (kudos to the authors for that).

Share This Page